HI,I have problems with the credential cache of the mfa vpn with okta,
in the sense that the first login with mfa works correctly but if I
disconnect and try to reconnect the forticlient dosentt ask me for the
credentials or the mfa and it connects w...
Hello, following this configuration scenario, what I configured is a
redundant that looks towards the primary router and the secondary router
and put the monitor of this redundant under it, in case a link of this
redundant goes out it automatically s...
Hello everyone, im testing a fsso solution where i have one machine that
work as a collector agent, and another machine thath act as a DC, all
the connection fortigate/fsso, fsso/dc and policy match work fine but i
have a mismatch in the logon user l...
Hello, there is exist a way to manage fac from fmg? I didn't find the
option to check fmfg under the fac interface as for the fortigates, when
I try to add ip from the fmg via the standard adoms it gives me a
network probe error even though the two d...
Hello,I don't know how to solve a problem with the fortimail filters,
I'm getting emails where the link inside points to a URL that is not
categorized as malicious (e.g. Information Technology) but then it
redirects to a URL that is actually maliciou...
Hello,thanks for reply, the redundant interface is composed by 2
physical interface, so if one these interface goes down, with this
configuration and without link monitor, ha will switch to secondary
unit?
When I go over the link I see the link before the redirect to the
phishing URL. So potentially this method is enough to evade fortimail,
which leaves me quite perplexed that there isn't a method that checks
the links that cause redirects.
Ok, I seem to have solved it by entering the command "no ip nat service
all-algs on the cisco router". I hope this is helpful to someone in the
same situation. BR, G
Hello, No, the firewall is not the suspect, I made a capture with
wireshark and the DNS responses from Google are transformed into the
private IP instead the public IP. Upstream I have a Cisco router that
also manages the dynamic DNS part and I think...
